About Software Audits And Software Asset Management

Gartner, Inc. expects a four-fold explosion in the adoption of Software License Optimization & Entitlement (SLOE) solutions worldwide.
In the 12 months prior to September 2014, software-license audits reached an all-time high. It’s estimated that organizations now have a 68% chance of being audited by at least one software vendor this year (up from 54% in 2009).
Gartner advises it’s not whether a software vendor such as IBM will audit you, but when it’ll happen.
TxMQ has completed a number of Software Asset Management engagements and audit-remediation projects. There’s no way to avoid the reality that audits are painful exercises. The amount of staff time and resources that companies expend to get through audits is staggering. Even a small company can spend many thousands of employee hours and pay fees to partner firms like TxMQ – all while auditors, lawyers and accountants get their pounds of flesh.
The reality is that managing software usage and entitlements is an incredibly complex process for companies – a lot like managing your own personal taxes. All major vendors like IBM, Microsoft, Oracle, Adobe, VMware and the rest operate with increasingly complex rules around virtual usage, cloud usage and non-production usage.
Our philosophy at TxMQ is this: Most of us have a tax planner or accountant to handle our personal taxes (and audits if they should happen). Companies should use a partner to manage their software-asset entitlements, usage and compliance.
In all likelihood you’ll be audited by one of your vendors. How prepared are you to come out squeaky clean? What can you do to minimize the audit pain points. How can you prevent a re-audit? If you have a partner firm that’s responsible for reporting software usage and entitlements, maintaining clean records and handling “true ups” for overages, any audit will be a breeze.
You wouldn’t go through an IRS audit without your accountant. Do you really think it makes sense to go through a software audit without a partner on your side?
TxMQ works with companies to put a Software Asset Management (SAM) strategy together to help mitigate the risk and exposure you face. We have options from full management all the way down to as-needed license reviews. There’s an option to fit every situation and need. Most companies prefer a managed-service solution, whereby TxMQ actively engages to manage software usage, but also puts in place best practices for change management, SDLC compliance and more.
In many cases, TxMQ uses tools like IBM EndPoint Manager, which further extends a company’s capabilities to:

  • Cut costs and downtime while securely managing datacenters and distributed servers
  • Reduce cost, risk and complexity of managing desktops, laptops and other devices
  • Ensure continuous security and compliance and keep companies out of the negative news
  • Maintain audit readiness and continuous license compliance with always-on Software Asset Management
  • Manage BYOD policies and the mobile enterprise

There’s no downside to a conversation. Let TxMQ begin with a no-obligation discovery call to review situation and help you put a plan in place to minimize your compliance exposure. Contact us before the auditors contact you.
(Image by Simon Cunningham)
 

Use Asset Management To Control Costs And Create A More Secure Enterprise Environment

Enterprise environments, by nature, are often cluttered with all sorts of licensed, previously licensed and probably some unlicensed applications and tools in various states of use. Think: Does your business maintain an install and uninstall record of all software? How well did your IT department document that project 2 years ago where you brought in all those contractors and software tools you haven’t used since? Did the project closeout include the uninstallation and/or decommissioning of no-longer-needed hardware and software? Based on what we’ve seen in the marketplace, the answers are not always, not well and not at all.
While this is an area that sits squarely under the umbrella of asset management, it also touches on compliance, and process and control.
Gaps in these areas create two very real problems.
1. An audit from a software vendor, say IBM, that reveals unpaid licensed software can generate large and unforeseen charges – especially if your company has grown substantially since the original install date.
2. Hackers are expert at exploiting the sorts of weaknesses these lapses can create. Oftentimes, the hacks come from within the organization, not from the outside.
There are a number of tools to help companies with asset management.
IBM’s License Metric Tool, or ILMT, is a free IBM-specific tool under its new Tivoli-based IBM Endpoint Manager. (The prior version of ILMT was server-based.) ILMT acts like a ferret: Install it, let it out of its cage and it will start digging to find every IBM product running on the servers (there is a bit more to the installation than this, but the author hopes you understand the analogy). Analysts can then easily map the findings to understand locations, history, activity and license agreements.
ILMT is free, hence its limitation: It can only detect and report IBM-related ware. A buy-up to the Software Use Analysis (SUA) tool, which also runs under the IBM Endpoint Manager, can detect non-IBM ware. That means you can quickly and easily map Oracle, Microsoft and other commonly licensed software – whether active, inactive or hidden.
A recent Gartner Report evaluated the new IBM Endpoint Manager for ILMT and SUA against competitors, identified it as a “Leader” and noted:
“Endpoint Manager’s primary differentiator is that the tool’s intelligence is on the endpoint, rather than the server. This allows the agent to actively discover a deviation from policy and execute remediation, rather than rely on a predefined schedule of system scans and subsequent server-side reporting. This enables organizations to maintain higher degrees of configuration compliance. The product’s endpoint-oriented control, along with its relay server architecture, results in a relatively small server footprint to support the Endpoint Manager environment, and makes it a good fit for highly distributed environments.”
But the report cautioned: “Uptake of OS deployment remains low. Organizations cite a lack of documentation and known best practices to use this module effectively. Certain patches (e.g., Microsoft nonsecurity) often require manual configuration prior to deployment. IBM’s packaging, bundling options and pricing of its various management functionality are complex and can be challenging for users to understand.”
As an IBM Premier Partner, TxMQ is uniquely qualified to help your business acquire, install, run and act on the results of IBM Endpoint Manager for ILMT and/or SUA.
To get started, contact TxMQ vice president and middleware specialist Mile Roty: (716) 636-0070 x226, [email protected], LinkedIn.com/In/MilesRoty.
Photo courtesy of Sean MacEntee.